[PATCH 11/16] tools: Pass public-key node through to caller

Simon Glass sjg at chromium.org
Fri Nov 12 20:28:12 CET 2021 

Update the two functions that call add_verify_data() so that the caller
can see the node that was written to.

Signed-off-by: Simon Glass <sjg at chromium.org>
---

 tools/image-host.c | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/tools/image-host.c b/tools/image-host.c
index e53fe4bbbed..e2b120ce532 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -209,7 +209,8 @@ static int fit_image_setup_sig(struct image_sign_info *info,
  * @comment:	Comment to add to signature nodes
  * @require_keys: Mark all keys as 'required'
  * @engine_id:	Engine to use for signing
- * @return 0 if ok, -1 on error
+ * @return keydest node if @keydest is non-NULL, else 0 if none; -ve error code
+ *	on failure
  */
 static int fit_image_process_sig(const char *keydir, const char *keyfile,
 		void *keydest, void *fit, const char *image_name,
@@ -269,6 +270,8 @@ static int fit_image_process_sig(const char *keydir, const char *keyfile,
 			       node_name, image_name);
 			return ret;
 		}
+		/* Return the node that was written to */
+		return ret;
 	}
 
 	return 0;
@@ -645,7 +648,7 @@ int fit_image_add_verification_data(const char *keydir, const char *keyfile,
 				fit, image_name, noffset, data, size,
 				comment, require_keys, engine_id, cmdname);
 		}
-		if (ret)
+		if (ret < 0)
 			return ret;
 	}
 
@@ -974,6 +977,24 @@ static int fit_config_get_regions(const void *fit, int conf_noffset,
 	return 0;
 }
 
+/**
+ * fit_config_process_sig - Process a single subnode of the configurations/ node
+ *
+ * Generate a signed hash of the supplied data and store it in the node.
+ *
+ * @keydir:	Directory containing keys to use for signing
+ * @keydest:	Destination FDT blob to write public keys into (NULL if none)
+ * @fit:	pointer to the FIT format image header
+ * @conf_name	name of config being processed (used to display errors)
+ * @conf_noffset: Offset of configuration node, e.g. '/configurations/conf-1'
+ * @noffset:	subnode offset, e.g. '/configurations/conf-1/sig-1'
+ * @comment:	Comment to add to signature nodes
+ * @require_keys: Mark all keys as 'required'
+ * @engine_id:	Engine to use for signing
+ * @cmdname:	Command name used when reporting errors
+ * @return keydest node if @keydest is non-NULL, else 0 if none; -ve error code
+ *	on failure
+ */
 static int fit_config_process_sig(const char *keydir, const char *keyfile,
 		void *keydest, void *fit, const char *conf_name,
 		int conf_noffset, int noffset, const char *comment,
@@ -1034,6 +1055,7 @@ static int fit_config_process_sig(const char *keydir, const char *keyfile,
 			printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n",
 			       node_name, conf_name);
 		}
+		return ret;
 	}
 
 	return 0;
@@ -1063,7 +1085,7 @@ static int fit_config_add_verification_data(const char *keydir,
 				fit, conf_name, conf_noffset, noffset, comment,
 				require_keys, engine_id, cmdname);
 		}
-		if (ret)
+		if (ret < 0)
 			return ret;
 	}
 
-- 
2.34.0.rc1.387.gb447b232ab-goog

More information about the U-Boot mailing list